Any suggestions appreciated.
I am running a wireless network using a Linksys WRVS4400N. I would really love a software application where I could monitor the router traffic from my laptop and hopefully have it translated to something a bit more organized and useful than what is sent now as a log file.
I would love to know when I am being probed for any weakness in my network and more importantly, when my network has been compromised.
Cisco NetManager would not work on Vista, but something similar for Vista would be nice.
Operating system Vista - 64
Firewall / Virus software - AVG 9.0
Thanks for any help
Probably your network is being 'probed' 100s of times per hour ... a lot to say the least. It might start with a ping, and then a port scan.
The WRVS does provide a nice perimeter, and so you are fine. Are you keeping up with the software loads? It is best to stay current and be sure to read the release notes when you are making your decision on whether or not you should upgrade the router.
Some side notes ... please forgive these ramblings ...
Are you allowing well-known ports to come into your network, unauthenticated traffic? If you are allowing these for whatever reason, then outside traffic is already getting in. Is this trusted communications? You would know best, but just trying to make the point that your router is doing much to stop all unwanted traffic so there is not much need to monitor this IMO unless you are allowing outside unauthenticated traffic into your network ...
Some basics for your router:
- change all the default passwords
- do not allow external management or even from the wireless network
- if you are sharing resources, then use a DMZ with specific security policies
- be as specific as possible in your policies ...
If security is a heavy concern for you, then you may also choose to put ACLs on your switches too for the ports that connect to mission critical devices. You can allow or disallow traffic in your switches ... Wireless network secure?
You mentioned the virus software, and this is key along with keeping the PCs up to date. It is far too often that we hear of new viruses and security holes ... it is important to keep up with the patches and virus software.
Wireshark is pretty good, but it might provide too much traffic analysis. You can use filters to provide more focus. How will you 'see' the traffic from the router? You will need to set up a span / monitor port so that the traffic is also sent to your PC.
A note is needed - when you enable span / monitor, some switches will block inbound traffic from the monitoring workstation. This means you would need a dedicated monitoring station since this station would not be able to send traffic and only receive.
Refer to the switch documentation for info on whether or not this port becomes a dedicated monitoring port and/or you can still work from it.
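
The thread asks for the router's log to be turned into something more organized, and the reply notes that probing often starts with a ping followed by a port scan. The following is an added example, not code from either poster or from Linksys: it groups dropped inbound packets by source address and labels that pattern. The log layout is an assumption (iptables-style `KEY=value` fields, not the WRVS4400N's documented format), the sample lines are constructed, and `summarize` and `port_threshold` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed iptables-style key=value layout.
SAMPLE_LOG = """\
Jan 12 10:00:01 router kernel: DROP IN=wan SRC=203.0.113.7 DST=198.51.100.2 PROTO=ICMP TYPE=8
Jan 12 10:00:03 router kernel: DROP IN=wan SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=21
Jan 12 10:00:03 router kernel: DROP IN=wan SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40001 DPT=22
Jan 12 10:00:04 router kernel: DROP IN=wan SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40002 DPT=23
Jan 12 10:00:04 router kernel: DROP IN=wan SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40003 DPT=80
Jan 12 10:00:05 router kernel: DROP IN=wan SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40004 DPT=443
Jan 12 10:02:10 router kernel: DROP IN=wan SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=23
Jan 12 10:02:40 router kernel: DROP IN=wan SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=23
Jan 12 10:05:00 router kernel: DROP IN=wan SRC=198.51.100.99 DST=198.51.100.2 PROTO=ICMP TYPE=8
Jan 12 10:06:00 router dhcpd: lease renewed for 192.168.1.20
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def summarize(log_text, port_threshold=5):
    """Group dropped WAN packets by source and label each source's behaviour."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set(), "ping_first": False})
    for line in log_text.splitlines():
        if " DROP " not in line:
            continue                      # ignore non-firewall messages
        f = dict(FIELD.findall(line))
        src, proto = f.get("SRC"), f.get("PROTO")
        if not src or not proto:
            continue                      # malformed or truncated entry
        s = stats[src]
        s["hits"] += 1
        if proto == "ICMP" and not s["ports"]:
            s["ping_first"] = True        # echo seen before any port probe
        elif f.get("DPT", "").isdigit():
            s["ports"].add(int(f["DPT"]))
    report = {}
    for src, s in stats.items():
        if len(s["ports"]) >= port_threshold:
            verdict = "ping then port scan" if s["ping_first"] else "port scan"
        elif s["ports"]:
            verdict = "isolated probe"
        else:
            verdict = "ping only"
        report[src] = (verdict, s["hits"], sorted(s["ports"]))
    return report

if __name__ == "__main__":
    for src, (verdict, hits, ports) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:16} {verdict:20} hits={hits:<3} ports={ports}")
```

Ordering is taken from line position rather than parsed timestamps, since syslog-style timestamps omit the year; the field names in `FIELD` lookups need adjusting to whatever the router actually emits.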